FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
86526ba4-53c8-11db-8f1a-000a48049292	phpbb -- NULL byte injection vulnerability Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte. Successful exploitation requires privileges to the administration section. Discovery 2006-09-12 Entry 2006-10-04 Modified 2006-12-24 phpbb zh-phpbb-tw < 2.0.22 20347 CVE-2006-4758 http://secunia.com/advisories/22188/ http://xforce.iss.net/xforce/xfdb/28884 http://www.security.nnov.ru/Odocument221.html

VuXML ID

Description

86526ba4-53c8-11db-8f1a-000a48049292

phpbb -- NULL byte injection vulnerability

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.

Discovery 2006-09-12
Entry 2006-10-04
Modified 2006-12-24
phpbb
zh-phpbb-tw

< 2.0.22

20347
CVE-2006-4758
http://secunia.com/advisories/22188/
http://xforce.iss.net/xforce/xfdb/28884
http://www.security.nnov.ru/Odocument221.html